cve-2012-1557
Vulnerability from cvelistv5
Published
2012-03-12 19:00
Modified
2024-08-06 19:01
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.parallels.com/en/113321"
},
{
"name": "79769",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/79769"
},
{
"name": "[oss-security] 20120308 CVE-request: Parallels Plesk Panel admin/plib/api-rpc/Agent.php Unspecified SQL Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/08/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-windows-updates-release-notes.html#10216"
},
{
"name": "plesk-unspec-unauth-access(73628)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73628"
},
{
"name": "48262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48262"
},
{
"name": "52267",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52267"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10216"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-035.html"
},
{
"name": "1026760",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026760"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-10T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.parallels.com/en/113321"
},
{
"name": "79769",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/79769"
},
{
"name": "[oss-security] 20120308 CVE-request: Parallels Plesk Panel admin/plib/api-rpc/Agent.php Unspecified SQL Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/08/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-windows-updates-release-notes.html#10216"
},
{
"name": "plesk-unspec-unauth-access(73628)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73628"
},
{
"name": "48262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48262"
},
{
"name": "52267",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52267"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10216"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-035.html"
},
{
"name": "1026760",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026760"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html",
"refsource": "MISC",
"url": "http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html"
},
{
"name": "http://kb.parallels.com/en/113321",
"refsource": "CONFIRM",
"url": "http://kb.parallels.com/en/113321"
},
{
"name": "79769",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79769"
},
{
"name": "[oss-security] 20120308 CVE-request: Parallels Plesk Panel admin/plib/api-rpc/Agent.php Unspecified SQL Injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/08/3"
},
{
"name": "http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-windows-updates-release-notes.html#10216",
"refsource": "CONFIRM",
"url": "http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-windows-updates-release-notes.html#10216"
},
{
"name": "plesk-unspec-unauth-access(73628)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73628"
},
{
"name": "48262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48262"
},
{
"name": "52267",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52267"
},
{
"name": "http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10216",
"refsource": "CONFIRM",
"url": "http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10216"
},
{
"name": "http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-035.html",
"refsource": "MISC",
"url": "http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-035.html"
},
{
"name": "1026760",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026760"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1557",
"datePublished": "2012-03-12T19:00:00",
"dateReserved": "2012-03-12T00:00:00",
"dateUpdated": "2024-08-06T19:01:02.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA6C1A76-AB1D-45D7-99D5-A2392B4D85FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:7.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52CD2B0D-DCB0-4EE1-813C-0527D13CABD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED2B3C14-5538-47DC-BF64-03F2177FA8AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0417C9FB-DB4E-4BFD-A9FD-0626094C661D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7351CAC7-245F-4659-844A-B431293293C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E0AB1EA-2E34-4EC6-9F7B-F8B908B2E8D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B8EAF27-20FD-4FDE-9D03-AB29386A9697\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:8.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"235AAEAB-D727-4D7B-921E-2ECC517CAE12\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA7C45B1-433A-438A-BF09-75126E2D0FA7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F359ED1-E1E6-47D0-8180-92FBF0C2E53F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"615F32BA-5E4C-4548-BA27-F69DF85C95F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:9.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"294AF9FE-D59B-42B8-9FE9-E82C88CDBC0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:9.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"175136E3-42E7-44D5-9B2E-E4E7E9AF34BF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.0.1:mu_\\\\#10:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC75A0C1-4D35-4AF8-95B8-819FDD2062BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.0.1:mu_\\\\#11:*:*:*:*:*:*\", \"matchCriteriaId\": \"D78C40B3-A4D5-4475-85E9-3D41E1176468\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.0.1:mu_\\\\#2:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A23B4D7-B36C-4910-9836-68AE2CC8EE55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.0.1:mu_\\\\#3:*:*:*:*:*:*\", \"matchCriteriaId\": \"39F2AC6B-2F00-467B-9F33-9F62038DA830\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.0.1:mu_\\\\#5:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6C76C7B-152D-452E-A8CC-D17BCB264D89\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.0.1:mu_\\\\#7:*:*:*:*:*:*\", \"matchCriteriaId\": \"D804DE8E-6D24-4D94-A668-B0FD246AF8C1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.1.1:mu_\\\\#10:*:*:*:*:*:*\", \"matchCriteriaId\": \"06776E07-03BA-4556-898A-AD76770DF139\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.1.1:mu_\\\\#11:*:*:*:*:*:*\", \"matchCriteriaId\": \"97B96A1E-DF80-447F-B3A4-13EDB460ABFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.1.1:mu_\\\\#12:*:*:*:*:*:*\", \"matchCriteriaId\": \"624AB4AE-020B-4DDA-AF67-7970D4E3C3F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.1.1:mu_\\\\#13:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A2DBF62-97BC-486A-A622-15B3D11F6536\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.1.1:mu_\\\\#15:*:*:*:*:*:*\", \"matchCriteriaId\": \"13DE426C-237F-433D-8AF2-56E0FD91059E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.1.1:mu_\\\\#16:*:*:*:*:*:*\", \"matchCriteriaId\": \"41D33991-36AF-4750-B5FF-1BD4D1F84B7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.1.1:mu_\\\\#17:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC13559E-10F5-480E-8839-43BC68A988FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.1.1:mu_\\\\#18:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6903BBA-1E87-4B25-913A-B35923380B78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.1.1:mu_\\\\#19:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E485028-1975-45DD-A42D-D7B6AC80CDC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.1.1:mu_\\\\#20:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2EFFB42-825E-4305-80CA-3EA4F67A4CF2\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#1:*:*:*:*:*:*\", \"matchCriteriaId\": \"FEBA2C10-A854-4619-9182-387C445A8E68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#10:*:*:*:*:*:*\", \"matchCriteriaId\": \"A03EE1DD-3459-4B54-A54B-41E1C01288BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#11:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4F5773A-243B-4425-90C9-9141CD4B55F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#12:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D5DDA5E-CA7B-4938-BF63-85C3979F7233\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#2:*:*:*:*:*:*\", \"matchCriteriaId\": \"A373F030-FB0A-449B-B05A-1024FE336932\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#3:*:*:*:*:*:*\", \"matchCriteriaId\": \"25523FCE-6CD4-4442-A27A-19B2FCCBC5F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#4:*:*:*:*:*:*\", \"matchCriteriaId\": \"D76D5364-E5C2-4D2F-9CD8-90D97FA758A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#5:*:*:*:*:*:*\", \"matchCriteriaId\": \"66B7567B-3D36-45C0-A46D-D52B28747E43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#7:*:*:*:*:*:*\", \"matchCriteriaId\": \"685C2529-90BB-40FA-840A-0E7A09C9C683\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#8:*:*:*:*:*:*\", \"matchCriteriaId\": \"05465C81-E419-40EE-8B8B-5F6C989B81F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#9:*:*:*:*:*:*\", \"matchCriteriaId\": \"E05F40F6-320C-47EB-BD01-54094A4CC308\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.3.1:mu_\\\\#2:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BB08788-33E3-4B7A-A052-48764827EAE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.3.1:mu_\\\\#3:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F0E3EA-3D45-4A18-8316-309106DAE2B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:parallels:parallels_plesk_panel:10.3.1:mu_\\\\#4:*:*:*:*:*:*\", \"matchCriteriaId\": \"8243DCCF-0338-46E5-87FE-48D79799FBC4\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de inyecci\\u00f3n SQL en admin/plib/api-rpc/Agent.php de Parallels Plesk Panel 7.x y 8.x anteriores a 8.6 MU#2, 9.x anteriores a 9.5 MU#11, 10.0.x anteriores a MU#13, 10.1.x anteriores a MU#22, 10.2.x anteriores a MU#16, t 10.3.x anteriores a MU#5 permite a atacantes remotos ejecutar comandos SQL de su elecci\\u00f3n a trav\\u00e9s de vectores sin especificar, como se ha demostrado en ataques reales en marzo del 2012.\"}]",
"id": "CVE-2012-1557",
"lastModified": "2024-11-21T01:37:12.537",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2012-03-12T19:55:01.417",
"references": "[{\"url\": \"http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10216\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-windows-updates-release-notes.html#10216\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://kb.parallels.com/en/113321\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/48262\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-035.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/03/08/3\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/79769\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/52267\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1026760\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/73628\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10216\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-windows-updates-release-notes.html#10216\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://kb.parallels.com/en/113321\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/48262\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-035.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/03/08/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/79769\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/52267\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1026760\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/73628\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2012-1557\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2012-03-12T19:55:01.417\",\"lastModified\":\"2024-11-21T01:37:12.537\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n SQL en admin/plib/api-rpc/Agent.php de Parallels Plesk Panel 7.x y 8.x anteriores a 8.6 MU#2, 9.x anteriores a 9.5 MU#11, 10.0.x anteriores a MU#13, 10.1.x anteriores a MU#22, 10.2.x anteriores a MU#16, t 10.3.x anteriores a MU#5 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores sin especificar, como se ha demostrado en ataques reales en marzo del 2012.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA6C1A76-AB1D-45D7-99D5-A2392B4D85FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:7.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52CD2B0D-DCB0-4EE1-813C-0527D13CABD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED2B3C14-5538-47DC-BF64-03F2177FA8AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0417C9FB-DB4E-4BFD-A9FD-0626094C661D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7351CAC7-245F-4659-844A-B431293293C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E0AB1EA-2E34-4EC6-9F7B-F8B908B2E8D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B8EAF27-20FD-4FDE-9D03-AB29386A9697\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"235AAEAB-D727-4D7B-921E-2ECC517CAE12\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA7C45B1-433A-438A-BF09-75126E2D0FA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F359ED1-E1E6-47D0-8180-92FBF0C2E53F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"615F32BA-5E4C-4548-BA27-F69DF85C95F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"294AF9FE-D59B-42B8-9FE9-E82C88CDBC0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:9.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"175136E3-42E7-44D5-9B2E-E4E7E9AF34BF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.0.1:mu_\\\\#10:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC75A0C1-4D35-4AF8-95B8-819FDD2062BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.0.1:mu_\\\\#11:*:*:*:*:*:*\",\"matchCriteriaId\":\"D78C40B3-A4D5-4475-85E9-3D41E1176468\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.0.1:mu_\\\\#2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A23B4D7-B36C-4910-9836-68AE2CC8EE55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.0.1:mu_\\\\#3:*:*:*:*:*:*\",\"matchCriteriaId\":\"39F2AC6B-2F00-467B-9F33-9F62038DA830\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.0.1:mu_\\\\#5:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6C76C7B-152D-452E-A8CC-D17BCB264D89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.0.1:mu_\\\\#7:*:*:*:*:*:*\",\"matchCriteriaId\":\"D804DE8E-6D24-4D94-A668-B0FD246AF8C1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.1.1:mu_\\\\#10:*:*:*:*:*:*\",\"matchCriteriaId\":\"06776E07-03BA-4556-898A-AD76770DF139\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.1.1:mu_\\\\#11:*:*:*:*:*:*\",\"matchCriteriaId\":\"97B96A1E-DF80-447F-B3A4-13EDB460ABFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.1.1:mu_\\\\#12:*:*:*:*:*:*\",\"matchCriteriaId\":\"624AB4AE-020B-4DDA-AF67-7970D4E3C3F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.1.1:mu_\\\\#13:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A2DBF62-97BC-486A-A622-15B3D11F6536\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.1.1:mu_\\\\#15:*:*:*:*:*:*\",\"matchCriteriaId\":\"13DE426C-237F-433D-8AF2-56E0FD91059E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.1.1:mu_\\\\#16:*:*:*:*:*:*\",\"matchCriteriaId\":\"41D33991-36AF-4750-B5FF-1BD4D1F84B7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.1.1:mu_\\\\#17:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC13559E-10F5-480E-8839-43BC68A988FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.1.1:mu_\\\\#18:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6903BBA-1E87-4B25-913A-B35923380B78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.1.1:mu_\\\\#19:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E485028-1975-45DD-A42D-D7B6AC80CDC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.1.1:mu_\\\\#20:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2EFFB42-825E-4305-80CA-3EA4F67A4CF2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEBA2C10-A854-4619-9182-387C445A8E68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#10:*:*:*:*:*:*\",\"matchCriteriaId\":\"A03EE1DD-3459-4B54-A54B-41E1C01288BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#11:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4F5773A-243B-4425-90C9-9141CD4B55F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#12:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D5DDA5E-CA7B-4938-BF63-85C3979F7233\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A373F030-FB0A-449B-B05A-1024FE336932\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#3:*:*:*:*:*:*\",\"matchCriteriaId\":\"25523FCE-6CD4-4442-A27A-19B2FCCBC5F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D76D5364-E5C2-4D2F-9CD8-90D97FA758A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#5:*:*:*:*:*:*\",\"matchCriteriaId\":\"66B7567B-3D36-45C0-A46D-D52B28747E43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#7:*:*:*:*:*:*\",\"matchCriteriaId\":\"685C2529-90BB-40FA-840A-0E7A09C9C683\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#8:*:*:*:*:*:*\",\"matchCriteriaId\":\"05465C81-E419-40EE-8B8B-5F6C989B81F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0:mu_\\\\#9:*:*:*:*:*:*\",\"matchCriteriaId\":\"E05F40F6-320C-47EB-BD01-54094A4CC308\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.3.1:mu_\\\\#2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BB08788-33E3-4B7A-A052-48764827EAE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.3.1:mu_\\\\#3:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0E3EA-3D45-4A18-8316-309106DAE2B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parallels:parallels_plesk_panel:10.3.1:mu_\\\\#4:*:*:*:*:*:*\",\"matchCriteriaId\":\"8243DCCF-0338-46E5-87FE-48D79799FBC4\"}]}]}],\"references\":[{\"url\":\"http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10216\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-windows-updates-release-notes.html#10216\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://kb.parallels.com/en/113321\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/48262\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-035.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/03/08/3\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/79769\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/52267\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1026760\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/73628\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-windows-updates-release-notes.html#10216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://kb.parallels.com/en/113321\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/48262\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/03/08/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/79769\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/52267\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1026760\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/73628\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.